Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.


There’s a maximum-severity flaw in SimpleHelp — the remote-support tool many IT teams and managed providers use to log into and fix staff computers — and it’s under active attack right now. As reported by BleepingComputer, the bug (CVE-2026-48558) lets an attacker who can reach an exposed SimpleHelp server forge a fully authenticated “technician” session with no password, then use that trusted channel to push malware onto every machine the server manages. CISA added it to its Known Exploited Vulnerabilities catalogue on 29 June.

Why this one matters

The payload is the worrying part. A new loader called TaskWeaver installs Djinn Stealer — a cross-platform infostealer (Windows, macOS and Linux) that grabs cloud keys, SSH keys, saved browser logins and more, per Help Net Security. Because SimpleHelp is remote-support software, one compromised provider can reach every client it supports. It’s the same trusted-tool problem behind the fake IT-support calls we flagged this week — and the damage outlasts the clean-up. Once a cloud key or session token is stolen, isolating the infected PC doesn’t lock the attacker back out.

What to do today

If you run SimpleHelp, update to 5.5.16 or 6.0 RC2 now (the fix landed in late May) and take the server off the public internet if it doesn’t need to be there. Then treat it as a possible breach: end any technician sessions you don’t recognise, and rotate credentials, API keys and SSH keys. If your IT is outsourced, ask your provider one thing: “Do we use SimpleHelp, and if so, is it patched — and were we exposed?” A good one will answer plainly.
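If you look after more than one SimpleHelp server, the version and exposure checks above can be run across an inventory list. The sketch below is an added example, not code from SimpleHelp or from the reports cited here. The hostnames, the CSV columns and the rule that any build older than the fixed release on its version line is unpatched are assumptions. It covers only the update and exposure steps, so the session and credential review still applies to every server.

```python
import csv
import io
import re

# Fixed releases named in the advisory, keyed by major version line.
FIXED = {5: "5.5.16", 6: "6.0 RC2"}

# Constructed inventory for illustration; hostnames and column names are hypothetical.
SAMPLE_INVENTORY = """host,version,internet_facing
support.example.internal,5.5.15,yes
rmm-a.example.internal,5.5.16,no
rmm-b.example.internal,6.0 RC1,yes
rmm-c.example.internal,6.0,yes
rmm-d.example.internal,unknown,no
"""

def version_key(text):
    """Sortable key where a release candidate sorts below its final release."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s*RC\s*(\d+))?\s*", text, re.I)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch, rc = m.groups()
    stage = (0, int(rc)) if rc else (1, 0)  # RCn sorts before the final release
    return (int(major), int(minor), int(patch or 0)) + stage

def is_patched(text):
    """Assumption: builds older than the fixed release on their line are unpatched."""
    key = version_key(text)
    fixed = FIXED.get(key[0])
    if fixed is None:
        return key[0] > max(FIXED)  # assumption: lines older than 5.x are unpatched
    return key >= version_key(fixed)

def triage(inventory_csv):
    """Return {host: [actions]} using the update and exposure steps from the post."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        actions = []
        try:
            if not is_patched(row["version"]):
                actions.append("update to 5.5.16 or 6.0 RC2")
        except ValueError:
            actions.append("confirm version manually")
        if row["internet_facing"].strip().lower() == "yes":
            actions.append("remove from public internet if not required")
        result[row["host"]] = actions
    return result

if __name__ == "__main__":
    for host, actions in triage(SAMPLE_INVENTORY).items():
        print(host, "->", "; ".join(actions) or "no version or exposure action")
```

A release candidate such as "6.0 RC1" sorts below "6.0 RC2", which is why the version key tracks the RC number separately from the dotted version.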

Not sure what remote-access tools are running in your business? That’s worth sorting on its own. Managed IT and cybersecurity from All IT keeps those tools patched, locked down and monitored — for businesses across Sydney, the Central West and beyond.
